- Company Name
- BACP
- Job Title
- Data Protection and Securities Officer
- Job Description
Job Title: Data Protection and Securities Officer
Role Summary
Senior compliance specialist responsible for the organization’s data protection strategy, ensuring full adherence to UK GDPR, Data Protection Act 2018, and related legislation. Acts as the primary point of contact for data protection queries, breach management, and training, driving a culture of accountability and data security across all operational levels.
Expectations
* Lead the data protection function independently with no direct team authority.
* Maintain up‑to‑date knowledge of legislative changes and industry best practices.
* Demonstrate strong negotiation and influencing skills to secure compliance across departments.
* Deliver timely training and awareness programmes that meet regulatory standards.
Key Responsibilities
1. Serve as Data Protection Lead, overseeing GDPR compliance, policy development, and adherence to statutory obligations.
2. Act as CLM contact for staff, members, and stakeholders, managing SARs, erasure requests, and general data protection queries.
3. Draft, review, and publish Privacy Notices and related communications, ensuring transparency and consent mechanisms.
4. Lead breach response, maintaining a breach register, conducting root‑cause analyses, implementing corrective actions, and reporting qualifying incidents to the ICO.
5. Coordinate and validate Data Protection Impact Assessments (DPIAs) for projects and systems, advising on risk mitigation.
6. Conduct regular audits, identify gaps, and recommend corrective measures to senior leadership.
7. Develop and deliver data protection training for employees and volunteers, creating resources and maintaining updated material.
8. Collaborate with IT, website, and infrastructure teams to enforce privacy‑by‑design and secure system architecture.
9. Provide cybersecurity guidance on encryption, anonymisation, network security, and secure software procurement.
10. Support contracts and procurement teams by reviewing data protection clauses and ensuring compliance risks are mitigated.
Required Skills
* Expert knowledge of UK GDPR, Data Protection Act 2018, and related statutory obligations.
* High IT literacy, with experience in data security applications, system controls, and data governance tools.
* Strong understanding of cybersecurity principles, encryption, network security, and data anonymisation.
* Project management competence – ability to deliver cross‑functional initiatives under tight deadlines.
* Outstanding communication (written and verbal) and stakeholder engagement at all organisational levels.
* Excellent problem‑solving, negotiation, and influence abilities; capable of driving change without direct authority.
* Time‑management skills to handle multiple urgent compliance matters concurrently.
Required Education & Certifications
* Bachelor’s degree (or equivalent senior technical experience).
* Preferred professional certifications: CIPP/E UK, CIPT, ISO 27001 Lead Implementer, or GDPR Practitioner.
---
Lutterworth, United Kingdom
On site
13-02-2026